From nobody Thu Dec 21 13:43:41 2023 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Sws8Y3Xxrz54prg; Thu, 21 Dec 2023 13:43:41 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Sws8Y2WzQz4Nck; Thu, 21 Dec 2023 13:43:41 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1703166221; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=/2tUM13aT55QWssPEAwCezYwpYjMoafu0+PYNhKJAKg=; b=h3n07SVad8oNUzIQqUj/lCrnbCV+Llr4sXUsPyt+PelUXN6bv9HAdXX7BH3PyXWHH4T/WY VJTHABkPTsw6mogn4HgqYT9AmIBol8RSvU8b4/h0UiCaksyFjTzLWA6kok9ajzRJfDLoak 3QlwaCn5qUzqniCz+1PErLPGCKrviQLvQN6BCXtUyaMxzaptHpF2kpeCREtUk5HVGDPjwn iuyfn1LL+eevEXZv8Qbjlq2i/+R0a6KyuT+EvTeCU4CtY8M3wP6Ex9uHh45enJIoSfQx75 wA9Rz8DU8D6DNOHXV5LSjpHeGzC1Kper+eDezbOQqIlOCB2PC62sAP/j8PbePw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1703166221; a=rsa-sha256; cv=none; b=o/Tg4KYfUUZRfm0YnHzno44T/jQZlOUNYz6Nc5V/CawFL1T29gSH6VKcv/aYAPlCexwvOP nZnZzL5dAfkPIaaSr/Af5tOTeBvFHXffSxUATnbsmWLFNdGmuZlDEPf95b6lyMK7L6cgFf hEEdB/PHpbUF+fCK5R53O0Sj211gFpOYtVhJ0s3yqPxDF/Y3AH1cY5kPh1+kTWPSnXG3e/ LXwbYXLAfdlslDXAg/DEQdsM6EWIlJJKgZ8wXA0aZhLc2smz/ueKMXPzFwAMDLMJ2oo6WY snTyZLTexmZJUb+xK5WRxOU9snsaDaE5c/L7dLfvvqKxO9JqohJGf0P9Vap0tQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1703166221; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=/2tUM13aT55QWssPEAwCezYwpYjMoafu0+PYNhKJAKg=; b=mokL7duto9EH/V+me6E8PBgJHDyCViHHDqGMiF+ep+DWuYY1TM7cGC15CrXC9YOGvc2fsw t3xRPvty1JuDnKUBZXdTi3OP6KqnaqTxwJYESH8Y9wkimqaCzgCDZGs+o10ps75aElkN0l h4EA2cfjWphUmQiDFPLxLoBcrZ8h78kzvhwkpQl8b2xx1NXd3rKvTuU6yWc536JUa6GRqP dotNtsSP2oGeVVt63vACZhaGU/UOSsujfzqMVISqTUzqWlPmH8xZ+6uG+WQEKGNL99u5p8 ufpIU8v2zxFlBLHYAMHF75HIhdyYuV8G2D52c39f80O2FW1yuBvYCtQIqi8o3w== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Sws8Y1SxYzb4H; Thu, 21 Dec 2023 13:43:41 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 3BLDhfG1079320; Thu, 21 Dec 2023 13:43:41 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 3BLDhf2l079317; Thu, 21 Dec 2023 13:43:41 GMT (envelope-from git) Date: Thu, 21 Dec 2023 13:43:41 GMT Message-Id: <202312211343.3BLDhf2l079317@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Olivier Certner Subject: git: f0951233c6d3 - stable/13 - cr_canseeothergids(): Use real instead of effective group membership List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-branches@freebsd.org X-BeenThere: dev-commits-src-branches@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: f0951233c6d33da3c9a6bc347d9ae7aa911d7ca9 Auto-Submitted: auto-generated The branch stable/13 has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=f0951233c6d33da3c9a6bc347d9ae7aa911d7ca9 commit f0951233c6d33da3c9a6bc347d9ae7aa911d7ca9 Author: Olivier Certner AuthorDate: 2023-08-17 23:54:45 +0000 Commit: Olivier Certner CommitDate: 2023-12-21 13:38:07 +0000 cr_canseeothergids(): Use real instead of effective group membership Using the effective group and not the real one when testing membership has the consequence that unprivileged processes cannot see setuid commands they launch until these have relinquished their privileges. This is also in contradiction with how the similar cr_canseeotheruids() works, i.e., by taking into account real user IDs. Fix this by substituting groupmember() with realgroupmember(). While here, simplify the code. PR: 272093 Reviewed by: mhorne Sponsored by: Kumacom SAS Differential Revision: https://reviews.freebsd.org/D40642 (cherry picked from commit 91658080f1a598ddda03943a783c9a941199f7d2) Approved by: markj (mentor) --- sys/kern/kern_prot.c | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index e6c11d2ea74b..1c9e2927bc5e 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -1406,21 +1406,18 @@ SYSCTL_INT(_security_bsd, OID_AUTO, see_other_gids, CTLFLAG_RW, int cr_canseeothergids(struct ucred *u1, struct ucred *u2) { - int i, match; - if (!see_other_gids) { - match = 0; - for (i = 0; i < u1->cr_ngroups; i++) { - if (groupmember(u1->cr_groups[i], u2)) - match = 1; - if (match) - break; - } - if (!match) { - if (priv_check_cred(u1, PRIV_SEEOTHERGIDS) != 0) - return (ESRCH); - } + if (realgroupmember(u1->cr_rgid, u2)) + return (0); + + for (int i = 1; i < u1->cr_ngroups; i++) + if (realgroupmember(u1->cr_groups[i], u2)) + return (0); + + if (priv_check_cred(u1, PRIV_SEEOTHERGIDS) != 0) + return (ESRCH); } + return (0); }